Cross-Site Request Forgery Vulnerability in Fossura Tag Miner Plugin for WordPress
CVE-2016-10978

8.8HIGH

Key Information:

Vendor: Wordpress
Status: Tag Miner
Vendor: CVE Published:; 17 September 2019

What is CVE-2016-10978?

The Fossura Tag Miner plugin for WordPress versions prior to 1.1.5 is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to trick users into executing unwanted actions on the WordPress site without their consent. This vulnerability could potentially compromise the security of the site, especially if users are authenticated during such attacks. It is crucial for WordPress site owners using this plugin to update to the latest version to mitigate this security risk.

References

https://wpvulndb.com/vulnerabilities/8486

x_refsource_MISC

https://wordpress.org/plugins/fossura-tag-miner/#developers

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 17, 2019
Vulnerability Reserved
Sep 17, 2019

Wordpress

What is CVE-2016-10978?

References

CVSS V3.1

Timeline